An integrity check value algorithm for stream ciphers
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
OCB: a block-cipher mode of operation for efficient authenticated encryption
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Modes of Operation of Stream Ciphers
SAC '00 Proceedings of the 7th Annual International Workshop on Selected Areas in Cryptography
UMAC: Fast and Secure Message Authentication
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
SQUARE HASH: Fast Message Authenication via Optimized Universal Hash Functions
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
The Security of Cipher Block Chaining
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
On Fast and Provably Secure Message Authentication Based on Universal Hashing
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
MMH: Software Message Authentication in the Gbit/Second Rates
FSE '97 Proceedings of the 4th International Workshop on Fast Software Encryption
Fast Hashing and Stream Encryption with PANAMA
FSE '98 Proceedings of the 5th International Workshop on Fast Software Encryption
Unforgeable Encryption and Chosen Ciphertext Secure Modes of Operation
FSE '00 Proceedings of the 7th International Workshop on Fast Software Encryption
Fast Encryption and Authentication: XCBC Encryption and XECB Authentication Modes
FSE '01 Revised Papers from the 8th International Workshop on Fast Software Encryption
Encryption Modes with Almost Free Message Integrity
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
A Concrete Security Treatment of Symmetric Encryption
FOCS '97 Proceedings of the 38th Annual Symposium on Foundations of Computer Science
On the security of two MAC algorithms
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Bucket hashing with a small key size
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Software performance of universal hash functions
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
| Hi-index | 0.00 |
An authenticated-encryption scheme is frequently used to provide a communication both with confidentiality and integrity. For stream ciphers, i.e., an encryption scheme using a cryptographic pseudo-random-number generator, this objective can be achieved by the simple combination of encryption and MAC generation. This naive approach, however, introduces the following drawbacks; the implementation is likely to require two scans of the data, and independent keys for the encryption and MAC generations must be exchanged. The single-path construction of an authenticated-encryption scheme for a stream cipher is advantageous in these two aspects but non-trivial design.In this paper we propose a single-path authenticated-encryption scheme with provable security. This scheme is based on one of the well-known 驴-almost-universal hash functions, the evaluation hash. The encryption and decryption of the scheme can be calculated by single-path operation on a plaintext and a ciphertext. We analyze the security of the proposed scheme and give a security proof, which claims that the security of the proposed scheme can be reduced to that of an underlying PRNG in the indistinguishability from random bits. The security model we use, real-or-random, is one of the strongest notions amongst the four well-known notions for confidentiality, and an encryption scheme with real-or-random sense security can be efficiently reduced to the other three security notions. We also note that the security of the proposed scheme is tight.